General

  • Target

    KMSauto-setup.exe

  • Size

    3.8MB

  • Sample

    230421-nhkmwahb4y

  • MD5

    c7e2bb8d867d4f4bb484cfe674a16c55

  • SHA1

    fdd4fbd30bc2db3faf199799bb732dbf3a137a1a

  • SHA256

    727a5380cc5975839d6411d42569d834a337d139fb40f2e94e855835e2b538d6

  • SHA512

    c8596183949d7c888724374f48c202b2f96af8a32654234f746124b0a3476682ab109c7bc293a4c5a8b8e0661a56c954ab467c5d86b9b789237f86acadd596d3

  • SSDEEP

    98304:CpyfN3PlMJaE15aViYyf6L0c6veW0YDr9C3PVbiUk:SyfQJt15RY66gnZvJUk

Malware Config

Extracted

Family

redline

Botnet

0215

C2

badinytlesi.xyz:80

yaliesarevi.xyz:80

Attributes

  • auth_value

    c9dd5ca07f69257239203a3c44bb8a57

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v6